An alarming increase in cybercrime activity has been observed as hackers in countries blocked by OpenAI attempt to bypass the chatbot’s geofences. According to Check Point cyber security experts, criminals have recently been engaging in a surge of activity in underground forums related to trading and selling compromised ChatGPT premium accounts.
These so-called “premium” accounts refer to ChatGPT Plus, different from the free service in that it offers new features and a much faster response time. Usually these accounts are available for sale, but there has been evidence of criminals who advertise their own services or tools by sharing these accounts for free. Russia, China and Iran are, surprisingly, some of the countries which have been found to be actively engaging in this type of activity.
Because ChatGPT can generate text for phishing and other scams, hackers can use it to craft emails and other messages intended to deceive their victims into handing over their usernames and passwords. It can also be used to create trivial malware that is able to infect gullible networks and making cybercrime a more affordable venture.
But these stolen accounts present yet another potential problem: they store their user’s recent queries. These queries may contain delicate information, such as personal or proprietary information, that the user might have been believed to have been more secure.
To steal these accounts, criminals use a range of tools, with one of the most popular being SilverBullet, which is used to scrape data and automate web application testing, among other functions. A configuration file for this program was spotted for sale, and another criminal, who goes by the alias “gpt4”, is said to offer automated verification tools.
Most remarkably, there appears to be a service offering “ChatGPT Plus lifetime account service”, for “100 percent satisfaction”, costing only $24.99. Although the regular lifetime upgrade of a regular ChatGPT Plus account costs $59.00, which goes to show the value criminals can get by going the shady route.
Check Point is a respected international provider of cyber security solutions and managed security services, with clients ranging from Fortune 500 companies to medium-sized businesses. Their pioneering products are used around the world, backed by a wide range of services such as security research and intelligence dedicated to helping to protect against the most advanced cyber threats. Sergey Shykevich is the Threat Intelligence Group Manager at Check Point, who has spoken to The Register about how easy it is for anyone, regardless of technical knowledge, to become a cyber criminal with the help of ChatGPT.
Criminals have been able to leverage the power of ChatGPT to their advantage, but users should still remain vigilant against these types of attacks. It is therefore possible to enjoy the features of ChatGPT without risking one’s security and privacy.